Contents
1. Overview
Valley Metro Church ("we," "us," or "the church") is a registered 501(c)(3) nonprofit religious organization located in Winnetka, California. We respect your privacy and are committed to protecting the personal information you share with us.
This policy explains what information we collect through our website at valleymetrochurch.com, how we use it, who we share it with, and the choices you have. It is written to comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), along with other applicable privacy laws.
The short version: We collect only what you give us when you plan a visit, submit a prayer request, or give. We use it to follow up with you, deliver services you ask for, and improve the website. We do not sell your information. We do not share it for advertising in exchange for money. You can ask us at any time to see, correct, or delete what we have.
2. Information we collect
Information you give us directly
- Plan Your Visit form: first name, last name, email address, phone number (optional), family size, and general indication of children's ages.
- Prayer Wall form: your prayer request, and optionally your name and email if you'd like us to follow up.
- Giving: if you give online, payment information is collected directly by Stripe, Inc., our payment processor. We do not see or store your full card number, CVV, or bank account number. We do receive transaction confirmations including your name, email, amount, and designated fund.
- Direct contact: if you email or call us, the contents of that communication.
Information collected automatically
- Device and usage information through analytics tools: pages viewed, time on site, browser type, operating system, approximate location (city/region from IP), and referring source.
- Cookies and similar technologies used by Google Analytics, Microsoft Clarity, and Meta Pixel (see section 5).
Categories of personal information under California law
In the twelve months before the date above, we have collected the following CCPA-defined categories of personal information:
- Identifiers (name, email, phone, IP address)
- Customer records (information you provide in our forms)
- Internet activity (browsing on our site)
- Geolocation data (approximate, IP-derived only)
- Inferences drawn from the above to understand visit interest
We do not knowingly collect biometric information, government IDs, precise geolocation, or login credentials.
3. How we use your information
- To welcome you on Sunday, follow up after you plan a visit, and answer your questions.
- To pray for you when you submit a prayer request.
- To process donations and send tax-deductible giving receipts.
- To send you ministry communications you opt into (you can unsubscribe at any time).
- To improve the website and understand which pages and content are most helpful.
- To comply with legal obligations, including tax reporting on charitable contributions.
We use your information only for the purposes listed above or other purposes you specifically consent to.
4. Who we share information with
We do not sell your personal information. We do not share your information for cross-context behavioral advertising in exchange for money or other valuable consideration. We share limited information only with the service providers that help us run the church:
- Stripe, Inc. — processes your online gifts. Stripe's privacy policy: stripe.com/privacy
- Google LLC — Google Analytics (site analytics) and Google Maps (the embedded map). Privacy: policies.google.com/privacy
- Microsoft Corporation — Microsoft Clarity (anonymous heatmaps and session recordings). Privacy: privacy.microsoft.com
- Meta Platforms, Inc. — Meta Pixel, used so we can show ministry information on Facebook and Instagram to people likely to be interested. Privacy: facebook.com/privacy/policy
- Cloudflare, Inc. — hosts the website and protects against attacks. Privacy: cloudflare.com/privacypolicy
- Our email and form delivery provider — used to deliver the messages you send through our forms to the church office.
We may also disclose information if required by law (subpoena, court order), to protect the safety of people involved with the church, or in connection with a merger or restructuring of the church's operations.
5. Cookies and analytics
Our website uses cookies and similar technologies to remember your preferences and understand how people use the site. You can block cookies in your browser settings, but some parts of the site may not work as expected.
Specifically, we use:
- Google Analytics (GA4) with IP anonymization enabled.
- Microsoft Clarity for behavioral heatmaps. Clarity masks sensitive form input by default.
- Meta Pixel for measuring the effectiveness of any Facebook/Instagram outreach.
You can opt out of Google Analytics with the Google Analytics Opt-Out Browser Add-on and manage Meta ad preferences in your Facebook account settings.
6. Children's privacy
We do not knowingly collect personal information directly from children under 13. The Plan Your Visit form is intended to be completed by a parent or guardian and asks only general indications of family size and approximate ages of children (preschool, elementary, teen) so we can prepare appropriate programs for Sunday morning. We do not collect a child's name, birthdate, photo, or contact information through the website.
If you believe a child has provided us information through the website, please contact us at ask@valleymetrochurch.com and we will delete it.
7. Sensitive information and prayer requests
Prayer requests submitted through the Prayer Wall form may contain sensitive personal information (about health, family, faith, or personal struggles). We treat these requests with care:
- Prayer requests are shared only with the church's prayer team for the purpose of praying for you.
- Prayer requests are not published publicly on the website unless you specifically ask us to share one. The examples shown on the Prayer Wall are illustrative.
- You may submit a prayer request anonymously by leaving the name and email fields blank.
- We will not use prayer request content for analytics, advertising, or sale, ever.
8. Your California privacy rights
If you are a California resident, you have the following rights under the CCPA and CPRA. Some of these rights apply to "businesses" as defined by the law; the church is a nonprofit and not strictly a "business" under CCPA, but we honor these requests as a matter of policy:
- Right to know what personal information we have collected, used, disclosed, or sold about you.
- Right to delete personal information we have collected from you, subject to certain exceptions (for example, we may need to keep donation records for tax purposes).
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing of your personal information. We do not sell or share your personal information for cross-context behavioral advertising, so there is nothing to opt out of, but you may submit a request anyway and we will confirm.
- Right to limit use of sensitive personal information beyond what is necessary to provide the services you requested.
- Right to non-discrimination for exercising any of these rights.
To submit a request, email ask@valleymetrochurch.com with the subject line "California Privacy Request" or call (818) 527-1349. We will verify your identity (typically by confirming information you previously provided to us) and respond within 45 days. An authorized agent may submit a request on your behalf with written authorization.
9. How we protect your information
We take reasonable steps to protect the information you share with us:
- The website is served over HTTPS with SSL/TLS encryption provided by Cloudflare.
- Payment information is handled entirely by Stripe, which is PCI-DSS Level 1 certified. We never see or store full card details.
- The website is a static site with no database, which significantly reduces the attack surface compared to a traditional dynamic site.
- Form submissions are sent directly to the church office via our form provider; we limit who on staff has access.
- Cloudflare provides DDoS protection, a Web Application Firewall, bot mitigation, and rate limiting on the public-facing site.
No method of transmission over the internet is 100% secure. If you have a security concern, please email ask@valleymetrochurch.com.
10. Data retention
We keep personal information only as long as we need it for the purposes described in this policy or as required by law. Specifically:
- Plan Your Visit and Prayer Wall submissions: kept for up to two years, then deleted, unless you become a regular attender.
- Donation records: kept for at least seven years to comply with IRS recordkeeping requirements for tax-exempt organizations.
- Analytics data: retained according to each provider's default settings (Google Analytics: 14 months; Clarity: 30 days for recordings).
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically.
12. Contact us
Questions about this policy or about how we handle your information? Reach the church office:
Valley Metro Church
Attn: Privacy
19351 Londelius Street
Northridge, CA
Email: ask@valleymetrochurch.com
Phone: (818) 527-1349